The MAILING DATE of this communication appears on the cover sheet with the correspondence address
All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included

EXAMINER'S AMENDMENT

An examiner's amendment to the record appears below. Should the changes
and/or additions be unacceptable to applicant, an amendment may be filed as provided
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be
submitted no later than the payment of the issue fee.

Authorization for this examiner's amendment was given in a telephone interview 
with David E. Huang on September 8, 2010. 

The application has been amended as follows: 

Upon entrance of this proposed claim amendment, this listing of claims would replace 
all prior versions and listings of claims in the Application: 

1. (Currently amended) A method of blocking attacks on a protected computer
network, comprising:

receiving, by processing circuitry, a plurality of packets from a network, each said
packet having a packet time to live (TTL) value and belonging to a
corresponding packet flow;
storing, by the processing circuitry, the smallest packet TTL value received from
each said corresponding packet flow; and
prior to transmitting each said packet, setting, by the processing circuitry, said
packet TTL value to said smallest packet TTL value received for said
corresponding packet flow;
wherein storing the smallest packet TTL value received from each said
corresponding packet flow includes, for each said packet:

if that packet is the first packet received from said corresponding packet
flow, then storing the packet TTL value of that packet as said smallest
packet TTL value received from said corresponding packet flow;

if that packet is not the first packet received from said corresponding 
packet flow and the packet TTL value of that packet is less than the 
stored smallest packet TTL value received from said corresponding 
packet flow, then storing the packet TTL value of that packet as said 
smallest packet TTL value received from said corresponding packet 
flow; and 

if that packet is not the first packet received from said corresponding 
packet flow and the packet TTL value of that packet is greater than the 
stored smallest packet TTL value received from said corresponding 
packet flow, then refraining from storing the packet TTL value of that 
packet as said smallest packet TTL value received from said 
corresponding packet flow. 

2. (Previously Presented) The method of Claim 1, wherein said storing the smallest
packet TTL value further comprises: 

associating an epoch with said stored smallest packet TTL value; and 
if said epoch is greater than a predefined value, discarding said stored smallest 
packet TTL value. 

3. (Original) The method of Claim 1, further comprising periodically resetting said
stored smallest packet TTL value to a maximum value. 

4. (Original) The method of Claim 1, wherein said setting said packet TTL value
comprises:

determining if said corresponding packet flow is on an unrestricted list; and
if said corresponding packet flow is on said unrestricted list, setting said
packet TTL value to a maximum value.

5. (Original) The method of Claim 1, wherein said setting said packet TTL value
comprises:

determining if said corresponding packet flow is on an unrestricted list; and
if said corresponding packet flow is on said unrestricted list, leaving said
packet TTL value unchanged.

6. (Currently amended) An apparatus for blocking attacks on a protected computer 
network, comprising: 

processing circuitry means for receiving a plurality of packets from a network,
each said packet having a packet time to live (TTL) value and belonging to a
corresponding packet flow;
processing circuitry means for storing the smallest packet TTL value received
from each said corresponding packet flow; and
processing circuitry means for setting said packet TTL value to said smallest
packet TTL value received for said corresponding packet flow prior to
transmitting each said packet;
wherein said processing circuitry means for storing the smallest packet TTL
value received from each said corresponding packet flow includes means for,
for each said packet:

if that packet is the first packet received from said corresponding packet 
flow, then storing the packet TTL value of that packet as said smallest 
packet TTL value received from said corresponding packet flow; 
if that packet is not the first packet received from said corresponding 
packet flow and the packet TTL value of that packet is less than the 
stored smallest packet TTL value received from said corresponding 
packet flow, then storing the packet TTL value of that packet as said 
smallest packet TTL value received from said corresponding packet 
flow; and 

if that packet is not the first packet received from said corresponding
packet flow and the packet TTL value of that packet is greater than the
stored smallest packet TTL value received from said corresponding
packet flow, then refraining from storing the packet TTL value of that
packet as said smallest packet TTL value received from said
corresponding packet flow.

Application/Control Number: 10/820,591
Art Unit: 2445

7. (Currently amended) The apparatus of Claim 6, wherein said processing circuitry
means for storing the smallest packet TTL value further comprises:

means for associating an epoch with said stored smallest packet TTL value; and 
means for discarding said stored smallest packet TTL value if said epoch is 
greater than a predefined value. 

8. (Original) The apparatus of Claim 6, further comprising means for periodically 
resetting said stored smallest packet TTL value to a maximum value. 

9. (Currently amended) The apparatus of Claim 6, wherein said processing circuitry
means for setting said packet TTL value comprises:

means for determining if said corresponding packet flow is on an unrestricted list;
and
means for setting said packet TTL value to a maximum value if said
corresponding packet flow is on said unrestricted list.

10. (Currently amended) The apparatus of Claim 6, wherein said processing circuitry
means for setting said packet TTL value comprises:

means for determining if said corresponding packet flow is on an unrestricted list;
and
means for leaving said packet TTL value unchanged if said corresponding packet
flow is on said unrestricted list.

11. (Previously Presented) An apparatus for blocking attacks on a protected computer
network, comprising:

a packet classifier configured to receive a plurality of packets from a network,
each said packet having a packet time to live (TTL) value and belonging to a
corresponding packet flow;
a memory configured to store the smallest packet TTL value received from each
said corresponding packet flow;
a TTL rewrite unit configured to set said packet TTL value to said smallest packet 
TTL value received for said corresponding packet flow prior to transmitting 
each said packet; and 
a controller, the controller being configured to, for each said packet: 

if that packet is the first packet received from said corresponding packet 
flow, then store in memory the packet TTL value of that packet as said 
smallest packet TTL value received from said corresponding packet 
flow; 

if that packet is not the first packet received from said corresponding 
packet flow and the packet TTL value of that packet is less than the 
stored smallest packet TTL value received from said corresponding 
packet flow, then store in memory the packet TTL value of that packet 
as said smallest packet TTL value received from said corresponding 
packet flow; and 

if that packet is not the first packet received from said corresponding 
packet flow and the packet TTL value of that packet is greater than the 
stored smallest packet TTL value received from said corresponding 
packet flow, then refrain from storing in memory the packet TTL value 
of that packet as said smallest packet TTL value received from said 
corresponding packet flow. 



12. (Previously Presented) The apparatus of Claim 11, wherein said memory comprises:

first control means for associating an epoch with said stored smallest packet TTL
value; and
second control means for discarding said stored smallest packet TTL value if
said epoch is greater than a predefined value.

13. (Original) The apparatus of Claim 11, further comprising control means for
periodically resetting said stored smallest packet TTL value to a maximum value.

14. (Original) The apparatus of Claim 11, wherein said TTL rewrite unit comprises:

first control means for determining if said corresponding packet flow is on an
unrestricted list; and
second control means for setting said packet TTL value to a maximum value if
said corresponding packet flow is on said unrestricted list.

15. (Original) The apparatus of Claim 11, wherein said TTL rewrite unit comprises:

first control means for determining if said corresponding packet flow is on an
unrestricted list; and
second control means for leaving said packet TTL value unchanged if said
corresponding packet flow is on said unrestricted list.

Claims 16-20 (Canceled). 

21. (Currently amended) A computer program product comprising a non-transitory
computer-readable medium having instructions stored thereon that, when performed by
a computer, cause the computer to perform the following operations:

receiving a plurality of packets from a network, each said packet having a packet
time to live (TTL) value and belonging to a corresponding packet flow;
storing the smallest packet TTL value received from each said corresponding
packet flow; and
prior to transmitting each said packet, setting said packet TTL value to said
smallest packet TTL value received for said corresponding packet flow;
wherein said instructions for storing the smallest packet TTL value received from
each said corresponding packet flow comprise instructions that, when
performed by the computer, cause the computer to perform the following
operations:

if that packet is the first packet received from said corresponding packet 
flow, then storing the packet TTL value of that packet as said smallest 
packet TTL value received from said corresponding packet flow; 

if that packet is not the first packet received from said corresponding 
packet flow and the packet TTL value of that packet is less than the 
stored smallest packet TTL value received from said corresponding 
packet flow, then storing the packet TTL value of that packet as said 
smallest packet TTL value received from said corresponding packet 
flow; and 

if that packet is not the first packet received from said corresponding 
packet flow and the packet TTL value of that packet is greater than the 
stored smallest packet TTL value received from said corresponding 
packet flow, then refraining from storing the packet TTL value of that 
packet as said smallest packet TTL value received from said 
corresponding packet flow. 

22. (Previously Presented) The computer program product of Claim 21, wherein said
instructions for storing the smallest packet TTL value further comprise instructions that, 
when performed by the computer, cause the computer to perform the following 
operations: 

associating an epoch with said stored smallest packet TTL value; and 
if said epoch is greater than a predefined value, discarding said stored smallest 
packet TTL value.

23. (Previously Presented) The computer program product of Claim 21, further
comprising instructions that, when performed by the computer, further cause the 
computer to perform the following operations: 

periodically resetting said stored smallest packet TTL value to a maximum value. 

24. (Previously Presented) The computer program product of Claim 21, wherein said 
instructions for setting said packet TTL value comprise instructions that, when 
performed by the computer, cause the computer to perform the following operations: 

determining if said corresponding packet flow is on an unrestricted list; and 
if said corresponding packet flow is on said unrestricted list, setting said packet 
TTL value to a maximum value. 

25. (Previously Presented) The computer program product of Claim 21, wherein said
instructions for setting said packet TTL value comprise instructions that, when 
performed by the computer, cause the computer to perform the following operations: 

determining if said corresponding packet flow is on an unrestricted list; and 
if said corresponding packet flow is on said unrestricted list, leaving said packet 
TTL value unchanged. 

Claims 26-38 (Canceled). 

39. (Previously Presented) The method of Claim 1, wherein: 

for each said packet, said packet TTL value is a value stored within the header of 
that packet; and 

the method further comprises transmitting each said packet across the protected
computer network, said packet being configured to expire after a number of
hops equal to said smallest packet TTL value received for said corresponding
packet flow.
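
The storing and rewriting steps of Claims 1-5, sketched as an added Python example (not part of the office action or the application). The class and field names, the tick-based reading of "epoch", the reset of the epoch when a new minimum is stored, and the sample flows are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_TTL = 255  # largest value of the 8-bit IPv4 TTL field

@dataclass
class FlowState:
    min_ttl: int
    epoch: int = 0  # assumption: age of the stored value, counted in ticks

@dataclass
class TTLNormalizer:
    max_epoch: int = 3                  # hypothetical "predefined value" (Claim 2)
    unrestricted: set = field(default_factory=set)
    unrestricted_to_max: bool = False   # False: Claim 5 behaviour, True: Claim 4
    flows: dict = field(default_factory=dict)

    def tick(self):
        """Advance every epoch and discard stored values that are too old (Claim 2)."""
        for key in list(self.flows):
            self.flows[key].epoch += 1
            if self.flows[key].epoch > self.max_epoch:
                del self.flows[key]

    def process(self, flow, ttl):
        """Return the TTL to write into the packet before it is transmitted."""
        if not 0 <= ttl <= MAX_TTL:
            raise ValueError("TTL must fit in 8 bits")
        if flow in self.unrestricted:
            return MAX_TTL if self.unrestricted_to_max else ttl
        state = self.flows.get(flow)
        if state is None:               # first packet received from this flow
            self.flows[flow] = state = FlowState(ttl)
        elif ttl < state.min_ttl:       # smaller than the stored value: store it
            state.min_ttl = ttl
            state.epoch = 0             # assumption: a new value starts a new epoch
        # otherwise: refrain from storing, the stored minimum stands
        return state.min_ttl

def demo():
    # Constructed sample flows, keyed by 5-tuple, with received TTL values.
    a = ("198.51.100.7", 40000, "192.0.2.10", 80, "tcp")
    b = ("203.0.113.9", 40001, "192.0.2.10", 80, "tcp")
    n = TTLNormalizer(unrestricted={b})
    seen = [(a, 64), (a, 12), (a, 64), (b, 5), (a, 9)]
    out = [n.process(flow, ttl) for flow, ttl in seen]
    for _ in range(4):                  # stored value for flow a ages out
        n.tick()
    out.append(n.process(a, 64))        # treated as a first packet again
    return out
```

Every packet of flow `a` leaves with the lowest TTL seen so far for that flow, so all of them expire after the same number of hops, as Claim 39 describes.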

Reasons for Allowance

The following is an examiner's statement of reasons for allowance: No prior art 
could be found to teach all of the claimed limitations. In particular, no prior art could be 
found to teach the claimed technique for storing the smallest value available as the TTL. 
The technique includes checking the incoming packets to see if they're the first packet 
received and checking packet TTL values. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to AZIZUL CHOUDHURY whose telephone number is 
(571)272-3909. The examiner can normally be reached on M-F. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Vivek Srivastava can be reached on (571) 272-7304. The fax phone 
number for the organization where this application or proceeding is assigned is
571-273-8300.

For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a
USPTO Customer Service Representative or access to the automated information